Infra , DevSecOps & Automation Architect at Zuellig Pharma
Real User
Top 10
2024-11-05T15:44:49Z
Nov 5, 2024
When our developers are building the microservices, instead of imposing additional burdens or additional thinking on them, especially as part of network features such as traffic management, security, or observability, we deploy something from the infrastructure side, so developers need only focus on the business logic. We handle cases that include security, traceability, and traffic management. Features like traffic splitting, fault injection, and retry are possible with Istio.
Senior DevSecOps Engineer at a computer software company with 1-10 employees
Real User
Top 20
2024-08-26T18:23:49Z
Aug 26, 2024
I was previously an implementation engineer at Solo.io, which offers an enterprise version of Istio. Essentially, the product uses higher-level CRDs to manage the data plane and control plane of Istio. Solo also provides custom images of Istio, like FIPS-enabled versions. Most of the use cases I worked on at Solo involved multi-cluster environments with service mesh, which are traditionally difficult to configure. Solo's product made it easier to manage large multi-cluster environments. For some customers, we were dealing with up to a hundred thousand apps in the mesh, or even more. A lot of the large-scale use cases included outlier detection and failover of backend services across clusters. Mutual TLS (mTLS) was also a very popular use case. Istio simplifies enabling mTLS connections for front-end to back-end services in a microservice environment. Typically, customers used the Istio Ingress Gateway as their primary API gateway. We also had many customers who wrote their own Envoy filters for the data plane, with a common use case being integrating a NextAuth gRPC service for redirects to their OIDC providers for front-end services. This was a very common implementation.
I use Istio to manage traffic flow within my microservices architecture, particularly for the data and control plane components. It includes telemetry capabilities that I mentioned before. Istio provides important features like Service Discovery for service-to-service communication, which helps services interact.
We had a Kubernetes cluster, and Istio managed all the security aspects we handled on the security layer. We were not writing that specific part in the code. The solution saved us time from writing complex code inside the code. Istio handled things like securing and the traffic management part.
Istio will make life easier if you are using Kubernetes. Kubernetes is an orchestration tool for DevOps for infrastructure as a service. In terms of routing the request from different parts, Istio service mesh will make your life easy. There are a lot of internal technical discussions we can do regarding how it helps and what all those important things are. Overall, it will make your life easier for DevOps people if they are using Kubernetes. If you are deploying it end-to-end with you taking ownership of deploying the ports and Kubernetes, Istio will make it easy for you.
VP of Engineering at a healthcare company with 201-500 employees
Real User
2021-01-16T02:48:13Z
Jan 16, 2021
We are using the Istio framework as the service mesh for our microservices. We use it as a load balancer for the network traffic that is coming in. We have HTTP traffic that is coming into our service, and this traffic has to go to multiple other services. Typically, in microservice, you have a class of servers that need to talk to each other. There is a proxy server that talks to these servers on the mesh layer.
Connect
Intelligently control the flow of traffic and API calls between services, conduct a range of tests, and upgrade gradually with red/black deployments.
Secure
Automatically secure your services through managed authentication, authorization, and encryption of communication between services.
Control
Apply policies and ensure that they’re enforced, and that resources are fairly distributed among consumers.
Observe
See what's happening with rich automatic tracing, monitoring, and...
When our developers are building the microservices, instead of imposing additional burdens or additional thinking on them, especially as part of network features such as traffic management, security, or observability, we deploy something from the infrastructure side, so developers need only focus on the business logic. We handle cases that include security, traceability, and traffic management. Features like traffic splitting, fault injection, and retry are possible with Istio.
I was previously an implementation engineer at Solo.io, which offers an enterprise version of Istio. Essentially, the product uses higher-level CRDs to manage the data plane and control plane of Istio. Solo also provides custom images of Istio, like FIPS-enabled versions. Most of the use cases I worked on at Solo involved multi-cluster environments with service mesh, which are traditionally difficult to configure. Solo's product made it easier to manage large multi-cluster environments. For some customers, we were dealing with up to a hundred thousand apps in the mesh, or even more. A lot of the large-scale use cases included outlier detection and failover of backend services across clusters. Mutual TLS (mTLS) was also a very popular use case. Istio simplifies enabling mTLS connections for front-end to back-end services in a microservice environment. Typically, customers used the Istio Ingress Gateway as their primary API gateway. We also had many customers who wrote their own Envoy filters for the data plane, with a common use case being integrating a NextAuth gRPC service for redirects to their OIDC providers for front-end services. This was a very common implementation.
I use Istio to manage traffic flow within my microservices architecture, particularly for the data and control plane components. It includes telemetry capabilities that I mentioned before. Istio provides important features like Service Discovery for service-to-service communication, which helps services interact.
We had a Kubernetes cluster, and Istio managed all the security aspects we handled on the security layer. We were not writing that specific part in the code. The solution saved us time from writing complex code inside the code. Istio handled things like securing and the traffic management part.
Istio will make life easier if you are using Kubernetes. Kubernetes is an orchestration tool for DevOps for infrastructure as a service. In terms of routing the request from different parts, Istio service mesh will make your life easy. There are a lot of internal technical discussions we can do regarding how it helps and what all those important things are. Overall, it will make your life easier for DevOps people if they are using Kubernetes. If you are deploying it end-to-end with you taking ownership of deploying the ports and Kubernetes, Istio will make it easy for you.
I primarily use Istio for connecting services and security.
We are using the Istio framework as the service mesh for our microservices. We use it as a load balancer for the network traffic that is coming in. We have HTTP traffic that is coming into our service, and this traffic has to go to multiple other services. Typically, in microservice, you have a class of servers that need to talk to each other. There is a proxy server that talks to these servers on the mesh layer.